What is it?

LightScope is free, open source software built by Eric Kapitanski as part of his PhD research at the University of Southern California Information Sciences Institute (ISI). Those who deploy it are rewarded with rich threat intelligence about who's targeting their systems and how.

What does the software do?

Observes attacker interactions with closed ports on live hosts, forwards that traffic to honeypots, and automatically reports attackers.

What do you get for running it?

Detailed information about who's targeting you, automatic reporting of malicious actors to ISPs, and personalized IP blocklists.

What DOESN'T it do?

It's not antivirus or EDR, and it won't slow down your system. It's not a WAF, and it doesn't examine traffic to running services (for privacy reasons).

Why should I run it?

• See who's attacking your server
• Find attacks on your laptop via public WiFi
• Discover compromised devices scanning your network
• Support open cybersecurity research

What data do you collect?

We are interested in the traffic scanners and attackers send to closed ports on your servers. Your IP is fully anonymized and we do not collect any identifiable data about your machine. We went through IRB to certify our methods. Details in FAQs.